2.7 million recorded phone calls public on internet!

NilsG · February 19, 2019, 3:35pm

in Sweden, you have a phone number you can call and get free medical support (1177). The system is from the government and part of the medical care in Sweden.
but, as so often the actual work is done by private contractors. It is one of these contractors that them self hired another contractor that had an NAS server where all the calls made was stored. and somehow this server was completely open to the internet. no password, no security at al. just surf in to an public ip and there it was. every call from 2013 to real time recordings of private information. 170.000 hours of recordings.

How can this happen? “Human error” according to the person in charge on the subcontractor ses that this should not be able to happen because it is “not connected to the internet, it is just connected to the phones and computer that uses it directly, and therefore there is no passwords on it”. the reporter ask if that is so how can this happen? “They do not know when, but probably under an update someone had connected an network cable directly to the hard-drive from the internet so it got an ip adress”. (yes the article sed directly in to the hard-drive). and also “regular persons do not know how to get in, but those ho can could do some sort of special command to sneak in thru an backdoor”. (the special command is printing: http://188.92.248.19:443/medicall/, in the web browser)
he also say that they have surveillance on there equipment but because it had get an own cable directly to the internet it was not under the surveillance.

and here comes the best this person say:
Men det visar sig att även den simplaste hårddisk är nåbar om den ansluts till nätet. Det är ju bara att ta åt sig av detta och säga ”wow, fasiken också”.
Translation: apparently even the simplest hard-drive is reachable if it is connected to the internet. We just have to learn by this and say “wow dammit”.

ok, he tries to dumb it down to the media, but in my opinion he just does the thing even worse by showing how little knowledge about the system he has.

Sorry, i have no sites in english about this but here is the links to the sources anyway, if you have questions just ask and i try to translate and anser as good as i can. just sad to se how such important information can leek out by a so basic problem. and, hwo the f**k connects an NAS directly to the internet without an firewall!!!

LTS_Tom · February 19, 2019, 3:58pm

The contractor https://www.voiceintegrate.com/ has a really awful web site and is completely what I expected.

g-aitc · February 19, 2019, 6:38pm

@LTS_Tom “awful” is being to kind. By the way I saw something about Docker having a hole in it but there is a patch. Think it was on the Level1 news for today.

LTS_Tom · February 19, 2019, 6:53pm

We patched it the day it came out, security moves fast, that was so last week…lol. It was https://nvd.nist.gov/vuln/detail/CVE-2019-5736

g-aitc · February 19, 2019, 7:01pm

I missed that one. Don’t run containers nor do any of my clients, strictly VMs. Have you seen Brian Krebs story from Mon 18 Feb he does a deep dive on the DNS Hijacking.